Foreman Setup (before puppet)

First, open the instructions from here: http://theforeman.org/manuals/1.1/index.html

Start with a fresh install of SL6

# Configure root authorized_keys
# Configure iptables to close SSH to the world
# yum update
# Disable nightly yum upgrades: sed 's/ENABLED=.*/ENABLED="false"/' -i /etc/sysconfig/yum-autoupdate
# Disable selinux
# reboot

At this point, check the Installation manual, some things may have changed: http://theforeman.org/manuals/1.1/index.html#3.InstallingForeman

Enable epel/epel-testing repos: rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
Enable puppetlabs repo: rpm -Uvh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-6.noarch.rpm
Enable foreman repo: rpm -Uvh http://yum.theforeman.org/releases/1.1/el6/x86_64/foreman-release-1.1stable-3.el6.noarch.rpm
Install puppet client yum install puppet
Install foreman installer yum install foreman-installer

And run the installer

ruby /usr/share/foreman-installer/generate_answers.rb

After Foreman has been installed, configure the firewall to allow ports 443 and 22 to the office, and 80, 8443, 8140 and 69 (udp) for the cluster network only. You should be able to connect to https://foreman.lcg.cscs.ch

Then you need to configure Foreman. There is plenty of documentation, but one needs to understand its parts.

Change the password (admin/changeme)
Basic Foreman installation: http://www.youtube.com/watch?v=2dwyzPpFJYQ
Setting up provisioning: http://www.youtube.com/watch?v=eHjpZr3GB6s
Watch out for your proxies. You probably don't want to start the DHCP proxy (disabled by default, anyway), but rather configure it yourself and enable the proxy in /etc/foreman-proxy/settings.yml (needs a service foreman-proxy restart). Then the proxy saves its configuration in the dhcpd.leases file, instead of the dhcpd.conf. Not a bad solution!
Check configuration values in /etc/foreman/settings.yaml: http://theforeman.org/manuals/1.1/index.html#3.5.2ConfigurationOptions
Add the correct mail relay server (smtp.cscs.) to /etc/foreman/email.yaml
Enable puppetrun (for puppet>3.0, where puppetrun is not available, they use puppet kick). Instructions here: http://projects.theforeman.org/projects/foreman/wiki/Puppetrun
Restart foreman after changing those values (service foreman restart)

In order to understand how Foreman acts as an ENC (external node classifier), read this: http://theforeman.org/manuals/1.1/index.html#4.2ManagingPuppet

Puppet configuration

Module standards

Modules should be written according to some standards:

There should be a main class, with parameters, and good default values (Generic vs CSCS?). Puppet does an automatic Hiera search on every parameter (if not specified in the call)
Modules should have non-destructive behavior (for running jobs). If something destructive should be done, do it only when the "maintenance" fact is set to true, and return some kind of warning (to alert the sysadmin that there is some action pending) and/or raise a nagios alert (with messages like "service maintenance needed" or "machine reboot pending").
Modules should provide their own monitoring (for nagios)
(for discussion) Modules should provide their own regression checks
Modules should be properly documented, and branches (prod/test) kept in good shape, by its maintainer.
Style guide: http://docs.puppetlabs.com/guides/style_guide.html

Procedures

Collaborators would create their own development branch, modify, test, and propose the change to the maintainer.

Module organization

GIT workflow and environments (inc hooks): https://puppetlabs.com/blog/git-workflow-and-puppet-environments/
GIT Flow, a way to organize modules. Master=Production, Develop=Testing. http://nvie.com/posts/a-successful-git-branching-model
Installing modules from the forge: http://docs.puppetlabs.com/puppet/2.7/reference/modules_installing.html#installing-from-another-module-repository
Librarian puppet: http://blog.csanchez.org/2013/01/24/managing-puppet-modules-with-librarian-puppet/
Other options (librarian, git submodules, etc.) with an alternative proposal (r10k): http://somethingsinistral.net/blog/scaling-puppet-environment-deployment/
Great documentation about Git branching (and other topics on Git): http://git-scm.com/book/en/Git-Branching-Branch-Management

Other:

Git with submodules (not recommended!): http://blog.thesilentpenguin.com/blog/2012/02/21/puppet-with-git-submodules-for-fun-and-profit/
Puppet Training videos from PuppetConf: http://puppetconf.com/blog/watch-and-learn-puppetconf-2012-videos/

Obsolete

This is (for now) just notes for reference.

Start with a fresh install of SL6.
Enable epel/epel-testing repos: =rpm -i http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm=
Install puppet-server: yum install puppet-server --enablerepo=epel-testing,epel

Enable puppet repo (for utils):

cat > /etc/yum.repos.d/puppetlabs.repo << EOF
[puppetlabs]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/base/
enabled=0
gpgcheck=1
gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-reductive
EOF

yum install mcollective puppet-dashboard --enablerepo=puppetlabs,epel

Download foreman

cat > /etc/yum.repos.d/foreman.repo << EOF
[foreman]
name=Foreman Repo
baseurl=http://yum.theforeman.org/stable
gpgcheck=0
enabled=0
EOF

yum install foreman --enablerepo=foreman

Then we need to configure what we've installed. I found a nice debian howto here, need to adapt a bit to rhel6. https://host1.no/blog/puppet/how-to-install-puppet-and-puppet-dashboard/

-- PabloFernandez - 2011-08-25